Cognitive multi-encrypted mail platform

ABSTRACT

An apparatus configured to construct an email message addressed to a plurality of recipients. The apparatus is further configured to apply a cipher and a first encryption key to a first portion of the email message, which will be viewable by each of the recipients. The apparatus applies the cipher and a second encryption key to a second portion of the email message, which will be viewable by a first recipient from among the recipients. The apparatus further applies the cipher and a third encryption key to a third portion of the mail message, which will be viewable by a second recipient from among the recipients. The apparatus then transmits the email message to a server.

TECHNICAL FIELD

This disclosure relates generally to encrypted communications. Morespecifically, this disclosure relates to a cognitive multi-encryptedmail platform.

BACKGROUND

The internet has enabled people to collaborate digitally across theglobe. Optimal performance in a remote work setting is predicated oneffective communication. Often, a team leader needs to communicate witha variety of stakeholders. Currently, email is the preferred platformfor conducting such communications. The current email formats presentseveral technical challenges that limit their application and requireduplicitous computations by the processor. Emails are either encryptedat the content level or designated as public at the current level. Thus,every recipient included on the email will be able to see the entireemail message. This means that you must start multiple email threads ifyou want to limit who can read portions of your message. This consumesadditional memory on network servers, and it requires extra processingbandwidth.

SUMMARY OF THE DISCLOSURE

According to one embodiment, an apparatus generates an encrypted emailmessage. The apparatus includes a memory and a processor. The memorystores a first symmetric encryption key that is unique to a first classof users. The memory also stores a second symmetric encryption key thatis unique to a second class of users. The second class of users is asubset of the first class of users. The memory further stores a thirdsymmetric encryption key that is unique to a third class of users. Thethird class of users is a subset of the first class of users that isdifferent from the second class of users. The processor is configured toconstruct an email message that is addressed to a plurality ofrecipients. The email message includes a first portion of the messagethat is designated as viewable by each of the recipients. Each of therecipients is in the first class of users. The email message alsoincludes a second portion of the message that is designated to only beviewable by a first recipient from among the plurality of recipients.The first recipient is in the second class of users. The email messagefurther includes a third portion of the message that is designated toonly be viewable by a second recipient from among the plurality ofrecipients. The second recipient is in the third class of users. Theprocessor then applies a cipher, using the first encryption key, to thefirst portion of the message to generate a first encrypted portion ofthe email message. The processor applies the same cipher, using thesecond encryption key, to the second portion of the message to generatea second encrypted portion of the email message. The processor appliesthe same cipher, using the third encryption key, to the third portion ofthe message to generate a third encrypted portion of the email message.The email is then transmitted to a server for further processing.

The apparatus disclosed in the present application provides a technicalsolution to the technical problems discussed above by generating anemail message with varied levels of encryption within the content of themessage. The system and apparatus described in this disclosure may beintegrated into a practical application of an email client and serverthat can determine which portions of an email message are intended forwhich recipients. The client and server may then encrypt individualportions of the email message using keys that are unique to one or moreof the intended recipients. The multi-encrypted text may be incorporatedinto a single HTML email that may be processed by a mail server forultimate distribution to the intended recipients. The novelsingle-email, multi-encryption format provides several technicaladvantages: (1) it allows a user to maintain a unified message threadwhile controlling how much information is available to each recipient inthe thread; (2) it uses a smaller amount of computer memory, whichimproves operating speeds; (3) it reduces bottlenecks in the networkbecause fewer individual emails must be sent, which in turn decreasesthe load on network infrastructure; and (4) it provides a moremanageable record of communications.

Certain embodiments of the present disclosure may include some, all, ornone of these advantages. These advantages and other features will bemore clearly understood from the following detailed description taken inconjunction with the accompanying drawings and claims.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of this disclosure, reference is nowmade to the following brief description, taken in connection with theaccompanying drawings and detailed description, wherein like referencenumerals represent like parts.

FIG. 1 is a schematic diagram of an embodiment of a system forgenerating and handling multi-encrypted email messages;

FIG. 2 is a workflow diagram of a sample use case for the systemillustrated in FIG. 1;

FIG. 3 is a flowchart of an embodiment of a method for generating amulti-encrypted email message;

FIG. 4 is an embodiment of an interface for generating a multi-encryptedemail message;

FIG. 5 is a flowchart of an embodiment of a method for handlingmulti-encrypted email messages;

FIG. 6 is an embodiment of a received multi-encrypted email message;

FIG. 7 is a flowchart of an embodiment of a method for generating areply to a multi-encrypted email message; and

FIG. 8 is an embodiment of a reply to a multi-encrypted email message.

DETAILED DESCRIPTION

As described above, existing technology for sending and receiving emailsbetween a team of people requires starting multiple email threads if youwant different people on the team to be able to view differentinformation. The embodiments described in the illustrative examples ofFIGS. 1-8 below facilitate more efficient means of communication througha process of multi-encrypted message threads. For example, theinventions contemplated by the present disclosure reduce the number ofseparate emails that have to be sent, which in turn reduces bottlenecksin the network and eases the burden on processors and telecommunicationsequipment (e.g., routers, switches, and email servers) in the network.The proposed apparatuses and methods disclosed below detail thegeneration of multi-encrypted emails, the server-side processing ofmulti-encrypted email messages before delivery to their intendedrecipient, and the generation of reply messages in the multi-encryptedformat.

System Overview

FIG. 1 is a schematic diagram of an embodiment of a system forgenerating and handling multi-encrypted email messages. The examplesystem 100 describes an operating environment for several apparatuseswhose operation is detailed in FIGS. 3-8. The system 100 comprises amail server 102, user device 104, user device 106, user device 108, userdevice 110, and user device 112. The mail server 102 is in communicationwith the user devices 104-112 via network 114. Network 114 is anysuitable type of network operable to support communication between usersand components (e.g., user devices 102-112 and mail server 102) of thesystem 100. The network 114 may include all or a portion of theInternet, a public switched telephone network (PSTN), a public network,a private network, a local area network (LAN), a metropolitan areanetwork (MAN), a wide area network (WAN), or any other suitable type ofnetwork. The network 114 may be configured to support any suitable typeof communication protocol as would be appreciated by one of ordinaryskill in the art upon viewing this disclosure.

The mail server 102 includes a network interface 116, a processor 118,and a memory 120. The network interface 116 is configured to enablewired and/or wireless communications. The network interface 116 isconfigured to communicate data between mail server 102 and user devices104-112 in the system 100 and/or any other system or domain. Forexample, the network interface 116 may comprise a WIFI interface, alocal area network (LAN) interface, a wide area network (WAN) interface,a modem, a switch, or a router. The processor 118 is configured to sendand receive data using the network interface 116. The network interface116 may be configured to use any suitable type of communication protocolas would be appreciated by one of ordinary skill in the art.

The processor 118 comprises one or more processors operably coupled tothe memory 120. The processor 118 is any electronic circuitry including,but not limited to, state machines, one or more central processing unit(CPU) chips, logic units, cores (e.g. a multi-core processor),field-programmable gate array (FPGAs), application specific integratedcircuits (ASICs), or digital signal processors (DSPs). The processor 118may be a programmable logic device, a microcontroller, a microprocessor,or any suitable combination of the preceding. The processor 118 iscommunicatively coupled to and in signal communication with the memory120. The one or more processors are configured to process data and maybe implemented in hardware or software. For example, the processor 118may be 8-bit, 16-bit, 32-bit, 64-bit or of any other suitablearchitecture. The processor 118 may include an arithmetic logic unit(ALU) for performing arithmetic and logic operations, processorregisters that supply operands to the ALU and store the results of ALUoperations, and a control unit that fetches instructions from memory andexecutes them by directing the coordinated operations of the ALU,registers and other components.

The one or more processors are configured to implement variousinstructions. For example, the one or more processors are configured toexecute instructions 123 to implement a message segregation engine 122.The one or more processors are further configured to executeinstructions 125 to implement a text encryption engine 124.Additionally, the one or more processors are configured to executeinstructions 129 to implement an email distribution engine 128. In thisway, processor 118 may be a special-purpose computer designed toimplement the functions disclosed herein. In an embodiment, the messagesegregation engine 122, text encryption engine 124, and emaildistribution engine 128 are each implemented using logic units, FPGAs,ASICs, DSPs, or any other suitable hardware.

The message segregation engine 122, text encryption engine 124, andemail distribution engine 128 are described in FIGS. 5-6. For example,the message segregation engine 122, text encryption engine 124, andemail distribution engine 128 may be configured to perform steps of themethod 500 described in FIG. 5.

The memory 120 comprises one or more disks, tape drives, or solid-statedrives, and may be used as an over-flow data storage device, to storeprograms when such programs are selected for execution, and to storeinstructions and data that are read during program execution. The memory120 may be volatile or non-volatile and may comprise read-only memory(ROM), random-access memory (RAM), ternary content-addressable memory(TCAM), dynamic random-access memory (DRAM), and static random-accessmemory (SRAM). The memory 120 is operable to store message segregationengine 122, including instructions 123; text encryption engine 124,including instructions 125; masking rules 126; encryption keys 127, andemail distribution engine 128, including instructions 129. Theinstructions 123, 125, and 129 are any suitable set of instructions,logic, rules, or code that when executed by processor 118 implement themessage segregation engine 122, text encryption engine 124, and emaildistribution engine 128, respectively. The masking instructions 126 andencryption keys 127 are described in further detail with respect to FIG.5.

User devices 104-112 represent any suitable computing device that cansend and receive emails. The user devices 104-112 generally comprise adisplay 130 capable of displaying text to a user, a network interface132, a processor 134, and a memory 136. While the user devices 104-112are illustrated as a desktop computer in FIG. 1, one of ordinary skillin the art will appreciate that the user devices 104-112 may be a mobilephone, a laptop, a tablet computer, a personal digital assistant, or anysimilar device. The display 130 may be a cathode ray tube (CRT) display,a liquid crystal display (LCD), a liquid crystal on silicon (LCOS)display, a light emitting diode (LED) display, an active matrix OLED(AMOLED), an organic LED (OLED) display, a projector display, or anyother suitable type of display as would be appreciated by one ofordinary skill in the art upon viewing this disclosure.

The network interface 132 is configured to enable wired and/or wirelesscommunications. The network interface 132 is configured to communicatedata between the user devices 104-112 and the mail server 102 and/or anyother system or domain. For example, the network interface 132 maycomprise a WIFI interface, a local area network (LAN) interface, a widearea network (WAN) interface, a modem, a switch, or a router. Theprocessor 134 is configured to send and receive data using the networkinterface 132. The network interface 132 may be configured to use anysuitable type of communication protocol as would be appreciated by oneof ordinary skill in the art.

The processor 134 comprises one or more processors operably coupled tothe memory 136. The processor 134 is any electronic circuitry including,but not limited to, state machines, one or more central processing unit(CPU) chips, logic units, cores (e.g. a multi-core processor),field-programmable gate array (FPGAs), application specific integratedcircuits (ASICs), or digital signal processors (DSPs). The processor 134may be a programmable logic device, a microcontroller, a microprocessor,or any suitable combination of the preceding. The processor 134 iscommunicatively coupled to and in signal communication with the memory136. The one or more processors are configured to process data and maybe implemented in hardware or software. For example, the processor 134may be 8-bit, 16-bit, 32-bit, 64-bit or of any other suitablearchitecture. The processor 134 may include an arithmetic logic unit(ALU) for performing arithmetic and logic operations, processorregisters that supply operands to the ALU and store the results of ALUoperations, and a control unit that fetches instructions from memory andexecutes them by directing the coordinated operations of the ALU,registers and other components.

The one or more processors are configured to implement variousinstructions. For example, the one or more processors are configured toexecute instructions 140 to implement a multi-encryption engine 138.They are further configured to execute instructions 144 to implement aresponse engine 142. They are also configured to execute instructions148 to implement an email client 146. They are also configured toexecute instructions 152 to implement an encryption mapping engine 150.In this way, processor 134 may be a special-purpose computer designed toimplement the functions disclosed herein. In an embodiment, themulti-encryption engine 138, response engine 142, email client 146, andencryption mapping engine 150 are each implemented using logic units,FPGAs, ASICs, DSPs, or any other suitable hardware.

The multi-encryption engine 138 is described in FIGS. 3-4. The responseengine 142 is described in FIGS. 6-8. The email client 146 is describedin FIGS. 3-4 & 6-8. The encryption mapping engine 150 is described inFIGS. 6-7.

The memory 136 comprises one or more disks, tape drives, or solid-statedrives, and may be used as an over-flow data storage device, to storeprograms when such programs are selected for execution, and to storeinstructions and data that are read during program execution. The memory136 may be volatile or non-volatile and may comprise read-only memory(ROM), random-access memory (RAM), ternary content-addressable memory(TCAM), dynamic random-access memory (DRAM), and static random-accessmemory (SRAM). The memory 136 is operable to store instructions 140,144, 148, and 152. The instructions 140, 144, 148, and 152 may compriseany suitable set of instructions, logic, rules, or code that whenexecuted by processor 134 implement the multi-encryption engine 138,response engine 142, email client 146, and encryption mapping engine150, respectively. The memory 136 is further operable to store one ormore encryption keys 154. The encryption keys 154 may be used to encryptand decrypt portions of email messages. Additional detail about theencryption keys 154 is provided in FIGS. 3 & 7.

FIG. 2 illustrates a workflow diagram of a sample use case for thesystem illustrated in FIG. 1. The workflow 200 is illustrated as itwould occur through the interface of a mail server 102 and an emailclient 146. Specific user devices 104-112 are depicted as beingassociated with a collaborator (i.e., the individual initiating a threadof multi-encrypted email messages) or a public or private recipient(i.e. recipients of a multi-encrypted email message with access tospecific levels of encrypted information in a multi-encrypted message).For example, user device 104 may be associated with a private recipient202, user device 108 may be associated with a public recipient 204, anduser device 112 may be associated with a collaborator 206. The workflow200 begins at step 208 where the collaborator 206 uses device 112 todraft an email message addressed to private recipient 202 and publicrecipient 204. The collaborator 206 designates certain portions of theemail message to have a public encryption level, whereby all recipientsmay view it upon receipt, and certain portions of the email message tohave a private encryption level, whereby only specific recipients (inthis case private recipient 202) may view it upon receipt. This emailmessage is drafted using the email client 146. The email client 146 thenapplies the appropriate level of encryption to each portion of themessage using the multi-encryption engine 138. Details about theoperation of multi-encryption engine 138 are provided in the discussionsof FIGS. 3 & 4.

The next phase of workflow 200 occurs at the mail server 102. Once themail server 102 receives a multi-encrypted message, the segregationengine 122 determines which portions of the message are intended forwhich recipient. Then, at step 210, the mail server 102 generatesindividualized instances of the received email message to send to theprivate recipient 202 and public recipient 204. This involvesformulating individual HTML messages, validating that the instance ofthe message is addressed to the correct recipient, and determining theproper masking policy for obscuring portions of the message that arecipient is not supposed to view.

The text encryption engine 124 applies the appropriate type of maskingbased on the intended recipient. The masking policy is determined basedon the masking rules 126. Assume that the email message drafted bycollaborator 206 contains two paragraphs of text. The collaborator 206assigned a public level of encryption to the first paragraph and aprivate level of encryption to the second paragraph. Once the singleemail with two levels of encryption is received by the mail server 102,the segregation engine 122 will create two copies of the email, one thatis addressed to private recipient 202 and one addressed to publicrecipient 204. The text encryption engine 124 determines that, accordingto the masking rules 126, no masking is required for text that has apublic level of encryption. Thus, the first paragraph in both instanceswill not be masked. The text encryption engine 124 determines thatpublic user 108 does not have permission to view text of a privateencryption level, so it will mask the second paragraph, according to themasking rules 126, in the instance of the email addressed to the publicrecipient 204. The instance of the email addressed to the privaterecipient 202 will not contain any masking because private recipient 202has the appropriate privileges to view portions of messages that areboth private- or public-level encrypted. The email distribution engine128 then transmits the masked instances to the intended recipients, inthis case private recipient 202 and public recipient 204. More detailabout the operations of the mail server 102 are provided below withrespect to FIGS. 5 & 6.

The workflow 200 continues when the private recipient 202 and publicrecipient 204 receive their instances of the email message sent bycollaborator 206. The remaining portions of the workflow 200 areperformed by the email client 146, this time from the user devices 104and 108. The encryption mapping engine 150 is used to determine whichencryption keys are necessary to decrypt the multi-encrypted message.Once decrypted, private recipient 202 may view the public message 214and private message 215 in a single email at step 213. Public recipient204 may view the public message at step 212. In the example workflow200, public recipient 204 decides to reply to the public message. Step212 also involves creating a reply message to be sent back tocollaborator 206. User 204 designates portions of the reply message asbeing responsive to portions of the message received from collaborator206. The encryption mapping engine 150 then determines the appropriatelevel of encryption to apply to each section of the reply message basedon these designations. Finally, the response engine 142 applies themultiple encryption levels to the message and transmits the reply tomail server 102 for further processing and distribution. Additionaldetails about the receipt of and reply to multi-encrypted email messageare provided below with respect to FIGS. 6-8.

Multi-Encrypted Message Generation

FIG. 3 is a flowchart of an embodiment of a method 300 for generating amulti-encrypted email message. The method 300 is best understood inconjunction with FIG. 4, which illustrates an embodiment of an interfacefor generating a multi-encrypted email message. The method 300 in FIG. 3begins at step 302 where an email client 146 receives text input andstructures it into an HTML email. Other formats (e.g., plain text andrich text) may be used. For example, FIG. 4 illustrates how the emailclient 146 may generate an email 400. The email 400 includes “To” field402 where the user may input the email address of any recipients 404.The email 400 also includes a “carbon copy” field 406 where the user mayinput the email address for any recipients to which the user also wantsto send a copy of the email. Email 400 further includes a subject field408. Finally, email 400 includes a text field 410 where the user maydraft its message. In this example, the text field 410 comprisesparagraphs 412, 414, 416, and 418.

Returning to FIG. 3, the method 300 proceeds to step 304 where the useridentifies which portions of the email are intended to be viewed bywhich recipient. FIG. 4 illustrates how this might be accomplished. Theuser may access a drop-down menu 420 by right clicking on a highlightedportion of text in the text field 410. The drop-down menu 420 thenprovides several options to the user. The user may select one of theselectable option fields 422-428 to designate the intended recipient forthat portion of text. The designations made at this step will determinethe level of encryption to be applied to that portion of the email. Forexample, the user may designate paragraph 412 as intended for the public(i.e., all the recipients listed in field 402) by highlighting paragraph412, right clicking on the highlighted text, and selecting option field422 from the drop-down menu 420. The user may designate paragraph 414 asintended for “recipient 1” by highlighting paragraph 414, right clickingon the highlighted text, and selecting option field 424. The user mayfurther designate paragraph 416 as intended for “recipient 3” byhighlighting paragraph 416, right clicking on the highlighted text, andselecting option field 428. The user may then designate paragraph 418 asintended for “recipient 2” by highlighting paragraph 418, right clickingon the highlighted text, and selecting option field 426. While in thisexample each paragraph is only assigned to one type of recipient, it ispossible to select multiple classes of recipients by selecting more thanone of the option fields 422-428. Additionally, while the selectableoption fields 422-428 include the names of the individual recipients, itmay be configured to display the names of recipient groups.

One of ordinary skill in the art will appreciate that other means ofassigning portions of the email to different recipients are possible.For example, keyboard shortcuts can be configured so that pressing a keybefore and after typing a portion of text will assign that portion oftext to a specific recipient or group of recipients. Speech recognitioncan be used to assign portions of the email message to specificrecipients or a group of recipients by using voice commands.Highlighting tools may be used to assign portions of text to specificrecipients without having to select the recipient's name from a menu.

After a portion of the email message is designated for viewing by acertain recipient or group of recipients, the email 400 may alter thedisplay of the text within the text field 410 to provide a visualindication of which portions of the message have been designated forreceipt by specific recipients or groups of recipients. For example, thetext might be highlighted, or it might be displayed using a differentformat. The different format may comprise a different font, a differenttext color, a different text size, or any combination thereof.

Returning to FIG. 3, the method 300 proceeds to step 306 where themulti-encryption engine 138 encrypts each portion of the email 400according to the designations made at step 304. Each recipient or groupof recipients represents a different level of encryption. In the exampleof FIG. 4 described above, there are different encryption keys 127 forthe public classification (option 422), “recipient 1” (option 424),“recipient 2” (option 426), and “recipient 3” (option 428). Theencryption keys 127 in this example are symmetrical, but the disclosedsystem and apparatuses may use asymmetrical key pairs. Themulti-encryption engine 138 applies a cipher and the appropriateencryption key 127 to each portion of the message in email 400 toproduce a multi-encrypted email. The cipher used by multi-encryptionengine 138 may be any reciprocal cipher. For example, the cipher may bea block cipher or a stream cipher. In particular, the cipher may beChaCha, RC4, A5/1, A5/2, Chameleon, FISH, Helix, ISAAC, MUGI, Panama,Phelix, Pike, Salsa20, SEAL, SOBER, SOBER-128, WAKE, Lucifer, DES, IDEA,RC5, Rijendael, AES, Blowfish, or any similar ciphers capable of use inemail encryption.

This process can be visualized using the example of FIG. 4. Because theuser designated paragraph 412 as public at step 304, themulti-encryption engine 138 selects the encryption key 127 having thepublic classification and uses it with the cipher to create a firstencrypted portion (comprising paragraph 412) of the email 400. Becausethe user designated paragraph 414 to be readable by “recipient 1” atstep 304, the multi-encryption engine 138 selects the encryption key 127associated with “recipient 1” and uses it with the cipher to create asecond encrypted portion (comprising paragraph 414) of the email 400.Because the user designated paragraph 416 to be readable by “recipient3” at step 304, the multi-encryption engine 138 selects the encryptionkey 127 associated with “recipient 3” and uses it with the cipher tocreate a third encrypted portion (comprising paragraph 416) of the email400. Because the user designated paragraph 418 to be readable by“recipient 2” at step 304, the multi-encryption engine 138 selects theencryption key 127 associated with “recipient 2” and uses it with thecipher to create a fourth encrypted portion (comprising paragraph 418)of the email 400. This results in a single email 400 with differentlevels of encryption in different portions of the message.

Referring back to FIG. 3, the method 300 proceeds to step 308 where theemail client 146 transmits the multi-encrypted email generated at step306 to a mail server 102. The mail server 102 is then responsible fordistribution to the intended recipients.

Mail Server Handling of Multi-Encrypted Messages

FIG. 5 is a flowchart of an embodiment of a method 500 for handlingmulti-encrypted email messages. The method 500 starts at step 502 wherethe mail server 102 receives an email with multiple levels of encryptionin various portions of the message that is addressed to multiplerecipients. For example, this may be the multi-encrypted email generatedat step 306 of method 300 described above. In that example, the email400 had four levels of encryption and was addressed to three recipients.Successive steps of the method 500 will be explained using this example,but other formats of multi-encryption messages can be processed usingthe method 500.

At step 504, the message segregation engine 122 generates separateinstances of the received email. Because there are three recipients inthis example, segregation engine 122 generates three instances of themulti-encrypted email. Each instance of the email is addressed to one ofthe recipients. Each instance contains the same information and the samelevels of encryption.

Next, at step 506, masking is applied to portions of the message in eachinstance by the text encryption engine 124. The masking step obscures orremoves information from a recipient's instance of the email when thatrecipient was not intended to see the information. The appropriate levelof masking is determined by reference to the masking rules 126. In theexample email 400, paragraph 412 was encrypted at a public levelintended to allow all recipients to see it. Thus, no masking would beapplied to paragraph 412 in any of the instances of the email. Paragraph414 was encrypted for viewing by recipient 1, so paragraph 414 would bemasked in the instances of the email addressed to “recipients 2 and 3”.Paragraph 416 was encrypted for viewing by “recipient 3”, so paragraph416 would be masked in the instances of the email addressed torecipients 1 and 2. Paragraph 418 was encrypted for viewing by“recipient 2”, so paragraph 418 would be masked in the instances of theemail addressed to “recipients 1 and 3”.

FIG. 6 illustrates what a masked instance of the email would look liketo the recipient. The email 600 is an instance of the email 400 that isaddressed to recipient 3. The email 600 provides an indication 602 ofwho sent the email, a subject line 604, and a recipient list 606. Therecipient list 606 may be configured to show all the recipients in thethread or only the immediate recipient of the email 600. Here, only therecipient of this instance is listed in the recipient list 606. Theemail 600 also includes a reply button 608 and forward button 610. Thesebuttons function similarly to normal emails, with some distinctionsdiscussed below in FIGS. 7-8.

The body of the email 600 comprises the same paragraphs 412 and 416 aswere in the original email received by mail server 102. However, inplace of paragraphs 414 and 418 there are redacted portions 614 and 618.The redacted portions 614 and 618 may be blurred versions of theoriginal paragraph. The redacted portions 614 and 618 may alternativelycomprise black redaction bars where the original paragraphs would havebeen located. Alternative embodiments may omit the redacted portions 614and 618 altogether so that only the paragraphs 412 and 416 would bevisible. The type of masking applied may be selected by the user beforethe email 400 is sent to the mail server 102. In some embodiments, thesystem may randomly select a form of masking. The masking techniqueselected may be the same for each instance, or different recipients mayreceive different masking in their instance based on the preference ofthe user.

Returning to FIG. 5, the method 500 proceeds to step 508 where the emaildistribution engine 128 transmits the instances to their intendedrecipients. Transmission by the email distribution engine 128 starts thethread tracked by the mail server 102. The mail server maintains a listof the recipients of the initial email along with the levels ofencryption that were applied to portions of the email. When recipientsreply to their instance, the email distribution engine 128 tracks whichportion of the email to which that recipient is responding. It then usesthis to maintain an individualized thread for each party. The initiatorof the thread (i.e., the sender of email 400) may be able to see all thetraffic generated under the thread while each recipient will only beable to see those portions to which they were granted privileges toview.

Reply Message Generation

FIG. 7 is a flowchart of an embodiment of a method 700 for generating areply to a multi-encrypted email message. The method 700 starts at step702 when an email client 146 presents an email with multiple levels ofencryption in various portions of the message to a user. The emailclient 146 decrypts each portion using the appropriate encryption key154.

A decrypted email is illustrated in FIG. 6. To start a reply message,the user would press the reply button 608 pictured in FIG. 6. This wouldopen a new window where the user could draft a response. This new windowis illustrated in FIG. 8. The reply message 800 in FIG. 8 includes a“To” field 802 where the user can input an email address for the partyto which the user wants to send a reply. The reply message 800 alsoincludes a “carbon copy” field 804 like the “carbon copy” field 406illustrated in FIG. 4. The reply message 800 further includes a subjectfield 806. Reply message 800 also includes a text field 808 where theuser may draft a reply message.

Returning to FIG. 7, at step 704 the email client 146 receives the textinput in text field 808. This text constitutes the reply message. Afterthe text is generated in text field 808, the method 700 proceeds to step706 where an indication is received that portions of the reply messageare in response to specific portions of the multi-encrypted messagereceived from the mail server 102. This process may be illustrated withreference to FIG. 8. The reply message 800 in FIG. 8 includes paragraphs810 and 812 in the text field 808. The user may highlight a portion ofthe text, for example paragraph 812, and right click the highlightedtext to open a drop-down menu 814. The drop-down menu 814 displays aminiature version of a received multi-encrypted message 816. Thereceived multi-encrypted message 816 comprises a paragraph 818 and aparagraph 820. Paragraph 818 has a first level of encryption andparagraph 820 has a second level of encryption. The paragraphs 816 and818 displayed in drop-down menu 814 are selectable. By selecting one ofthem, the user indicates that the highlighted text is in response tothat section of the received multi-encrypted message 816. The user mayperform this task for each section of the reply message drafted in textfield 808. For example, the user might assign paragraph 810 as aresponse to paragraph 820, and paragraph 812 as a response to paragraph818.

After the portions of the reply message are designated as responses toportions of the received multi-encrypted message, the method 700 of FIG.7 proceeds to step 708. Step 708 involves determining the appropriatelevel of encryption to apply to each portion of the reply message. Theencryption mapping engine 150 first determines the appropriate level ofencryption. In the example of FIG. 8, the encryption mapping engine canrecognize that paragraph 818 is of a first encryption level and thatparagraph 820 is of a second encryption level. The encryption mappingengine 150 then searches the encryption keys 154 for the key thatmatches the level of encryption.

Once the proper encryption key 154 is identified, the method 700proceeds to step 710 where each portion of the reply message isencrypted with the appropriate key. In this example, the paragraph 810is encrypted with the encryption key 154 corresponding to the secondencryption level, and paragraph 812 is encrypted with the encryption key154 corresponding to the first encryption level. The same cipher thatwas used to encrypt the received multi-encrypted message is used toencrypt the reply message. As mentioned above, the encryption keys usedin the described embodiments are symmetric, but the disclosed methodsmay also employ asymmetrical-key algorithms.

Finally, after encryption is complete, the method 700 proceeds to step712 where the response engine 142 transmits the reply message to a mailserver 102 for ultimate distribution to the intended recipients.Generation of individual instances of the reply message for eachrecipient, along with masking where appropriate, occurs at the mailserver 102 as described in the section on mail server handling ofmulti-encrypted messages.

While several embodiments have been provided in the present disclosure,it should be understood that the disclosed systems and methods might beembodied in many other specific forms without departing from the spiritor scope of the present disclosure. The present examples are to beconsidered as illustrative and not restrictive, and the intention is notto be limited to the details given herein. For example, the variouselements or components may be combined or integrated in another systemor certain features may be omitted, or not implemented.

In addition, techniques, systems, subsystems, and methods described andillustrated in the various embodiments as discrete or separate may becombined or integrated with other systems, modules, techniques, ormethods without departing from the scope of the present disclosure.Other items shown or discussed as coupled or directly coupled orcommunicating with each other may be indirectly coupled or communicatingthrough some interface, device, or intermediate component whetherelectrically, mechanically, or otherwise. Other examples of changes,substitutions, and alterations are ascertainable by one skilled in theart and could be made without departing from the spirit and scopedisclosed herein.

To aid the Patent Office, and any readers of any patent issued on thisapplication in interpreting the claims appended hereto, applicants notethat they do not intend any of the appended claims to invoke 35 U.S.C. §112(f) as it exists on the date of filing hereof unless the words “meansfor” or “step for” are explicitly used in the particular claim.

What is claimed is:
 1. An apparatus for generating an encrypted emailmessage, comprising: a memory configured to store: a first symmetricencryption key unique to a first class of users; a second symmetricencryption key unique to a second class of users, the second class ofusers being a subset of the first class of users; a third symmetricencryption key unique to a third class of users, the third class ofusers being a subset of the first class of users that is different fromthe second class of users; a hardware processor configured to: constructan email message that is addressed to a plurality of recipients,comprising: a first portion of the message that is designated to beviewable by each of the plurality of recipients, wherein each of therecipients is in the first class of users; a second portion of themessage that is designated to only be viewable by a first recipient fromamong the plurality of recipients, wherein the first recipient is in thesecond class of users; and a third portion of the message that isdesignated to only be viewable by a second recipient from among theplurality of recipients, wherein the second recipient is in the thirdclass of users; apply a cipher, using the first encryption key, to thefirst portion of the message to generate a first encrypted portion ofthe email message; apply the cipher, using the second encryption key, tothe second portion of the message to generate a second encrypted portionof the email message; apply the cipher, using the third encryption key,to the third portion of the message to generate a third encryptedportion of the email message; transmit the email message to a server. 2.The apparatus of claim 1, wherein the hardware processor is furtherconfigured to receive an input designating: the first portion of theemail message as viewable by each of the plurality of recipients; thesecond portion of the email message as viewable by the first recipientfrom among the plurality of recipients; and the third portion of theemail message as viewable by the second recipient from among theplurality of recipients.
 3. The apparatus of claim 2, wherein: the inputcomprises selections made from a list of recipients in a drop-down menu;and the drop-down menu comprises a plurality of selectable optionfields.
 4. The apparatus of claim 2, wherein the input compriseshighlighting text in the email message.
 5. The apparatus of claim 1,wherein the cipher is a block cipher.
 6. The apparatus of claim 1,wherein the hardware processor is further configured to: cause the textin the first portion of the message to appear in a first format on adisplay; cause the text in the second portion of the message to appearin a second format on the display; and cause the text in the thirdportion of the message to appear in a third format on the display. 7.The apparatus of claim 6, wherein: the first format comprises a firsttext color; the second format comprises a second text color; and thethird format comprises a third text color.
 8. A method for generating anencrypted email message, comprising: constructing an email message thatis addressed to a plurality of recipients, comprising: a first portionof the message that is designated to be viewable by each of theplurality of recipients, wherein each of the recipients is in a firstclass of users; a second portion of the message that is designated toonly be viewable by a first recipient from among the plurality ofrecipients, wherein the first recipient is in a second class of users;and a third portion of the message that is designated for to only beviewable by a second recipient from among the plurality of recipients,wherein the second recipient is in a third class of users; applying acipher, using a first symmetric encryption key that is unique to thefirst class of users, to the first portion of the message to generate afirst encrypted portion of the email message; applying the cipher, usinga second symmetric encryption key that is unique to the second class ofusers, to the second portion of the message to generate a secondencrypted portion of the email message; and applying the cipher, using athird symmetric encryption key that is unique to the third class ofusers, to the third portion of the message to generate a third encryptedportion of the email message; transmitting the email message to aserver.
 9. The method of claim 8, further comprising receiving in inputdesignating: the first portion of the email message as viewable by eachof the plurality of recipients; the second portion of the email messageas viewable by the first recipient from among the plurality ofrecipients; and the third portion of the email message as viewable bythe second recipient from among the plurality of recipients.
 10. Themethod of claim 9, wherein: the input comprises selections made from alist of recipients in a drop-down menu; and the drop-down menu comprisesa plurality of selectable option fields.
 11. The method of claim 9,wherein the input comprises highlighting text in the email message. 12.The method of claim 8, further comprising: causing the text in the firstportion of the message to appear in a first format on a display; causingthe text in the second portion of the message to appear in a secondformat on the display; and causing the text in the third portion of themessage to appear in a third format on the display.
 13. The method ofclaim 12, wherein: the first format comprises a first text color; thesecond format comprises a second text color; and the third formatcomprises a third text color.
 14. The method of claim 8, wherein thecipher is a block cipher.
 15. A computer program comprising executableinstructions stored in a non-transitory computer readable medium thatwhen executed by a processor cause the processor to: construct an emailmessage that is addressed to a plurality of recipients, comprising: afirst portion of the message that is designated to be viewable by eachof the plurality of recipients, wherein each of the recipients is in afirst class of users; a second portion of the message that is designatedto only be viewable by a first recipient from among the plurality ofrecipients, wherein the first recipient is in a second class of users;and a third portion of the message that is designated for to only beviewable by a second recipient from among the plurality of recipients,wherein the second recipient is in a third class of users; apply acipher, using a first symmetric encryption key that is unique to thefirst class of users, to the first portion of the message to generate afirst encrypted portion of the email message; apply applying the cipher,using a second symmetric encryption key that is unique to the secondclass of users, to the second portion of the message to generate asecond encrypted portion of the email message; and apply the cipher,using a third symmetric encryption key that is unique to the third classof users, to the third portion of the message to generate a thirdencrypted portion of the email message; transmit the email message to aserver.
 16. The computer program of claim 15, further comprisinginstructions that when executed by the processor cause the processor toreceive an input designating: the first portion of the email message asviewable by each of the plurality of recipients; the second portion ofthe email message as viewable by the first recipient from among theplurality of recipients; and the third portion of the email message asviewable by the second recipient from among the plurality of recipients.17. The computer program of claim 16, wherein: the input comprisesselections made from a list of recipients in a drop-down menu; and thedrop-down menu comprises a plurality of selectable option fields. 18.The computer program of claim 16, wherein the input compriseshighlighting text in the email message.
 19. The computer program ofclaim 15, further comprising instructions that when executed by theprocessor cause the processor to: cause the text in the first portion ofthe message to appear in a first format on a display; cause the text inthe second portion of the message to appear in a second format on thedisplay; and cause the text in the third portion of the message toappear in a third format on the display.
 20. The computer program ofclaim 19, wherein: the first format comprises a first text color; thesecond format comprises a second text color; and the third formatcomprises a third text color.